Defeating The Fake iOS Crash Reports

Defeating The Fake iOS Crash Reports

There have been a lot of reports lately about fake iOS crash reports that completely hijack your iPhone or iPad. Indeed, online crooks no longer just target Windows users and have ventured into other areas including Mac OS and more recently iOS.

The purpose of these fake pop ups is to trick people into calling for assistance by making them believe something bad happened to their device or simply out of sheer frustration.

Some early documented cases happened during the Fall of 2014, with users complaining that they would get this pop up that simply would not go away:

I click OK, and the window comes right back, over and over again. I can’t get rid f it and am unable to use Safari.

Source: iPadforums.net

message

****WARNING!! iOS Crash Report*** Due to a third party application in your phone, iOS is crashed Contact Support for Immediate Fix

It’s worth noting that these pop ups work a lot better on mobile devices than on desktop computers because they are harder to get rid of and seem to be persistent, no matter what.

An easy three-step solution

  1. Put your iPhone or iPad in “Airplane Mode”
  2. Clear Safari’s history (Settings->Safari->Clear History and Website Data)
  3. Re-Open Safari and exit Airplane Mode

A look at the source code

We got our hands on the source code of what seems to be the main and only template used across multiple different malicious domains.

files

It’s quite amazing that a few simple lines of code could cause such a massive problem and severe headaches among users.

script

A succinct but yet effective method to continually prompt the user with this pop up is done via:

setInterval(function(){alert(“”);;},1)

The number “1” is important because it sets how often to pop the window, in milliseconds. The trick those crooks are using is making that interval so quick that it is impossible to perform any other action before the pop up is there again.

There are new websites emerging every day and spreading these tech support scams targeting iOS users.

hxxp://www.iosalert-error.com/ hxxp://ios-errror.com/4/ hxxp://fixpc99.com/ggn/ios/index.html hxxp://iosfailurealerts.com/error/ hxxp://iosuiaalert.com/2muk/ hxxp://www.iossecurealarm.com/ hxxp://www.ioserroralarm.com/ hxxp://iosalerts.com/oio/ hxxp://fix-ios-alers.com/2/ hxxp://fix-ios-alers.com/2u-k/ hxxp://www.homelooks.info/ hxxp://ossecurityhelp.com/

Users can come across them simply while browsing the web on their mobile devices, most often via malicious advertisements (malvertising).

Luckily, these scary messages are just that, and they will not harm your phone or tablet. The most important thing to remember is to never call the toll free number for the purported “tech support”.

These scams rely heavily on social engineering and crooks are always ready to defraud you of hundreds of dollars if you give them your credit card number over the phone.

To learn more about tech support scams and what to do if you have been a victim, please check out our Help & Resource page.

ABOUT THE AUTHOR

Jérôme Segura

Sr Director, Research